Main Vulnerability Database Exploits ID:12036 - Exploit for Untrusted search path in Unity Editor - CVE-2025-59489

ID:12036 - Exploit for Untrusted search path in Unity Editor - CVE-2025-59489

Published: October 24, 2025

Vulnerability identifier: #VU116896

Vulnerability risk: Low

CVE-ID: CVE-2025-59489

CWE-ID: CWE-426

Exploitation vector: Local access

Vulnerable software:
Unity Editor

Link to public exploit:

https://github.com/taptap/cve-2025-59489

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

Note, the vulnerability is described in the Unity Editor application although it directly affects all apps build it Unity Editor.

Remediation

It is recommended to rebuild all applications built with Unity Editor after installing the latest version of the editor.

ID:12036 - Exploit for Untrusted search path in Unity Editor - CVE-2025-59489

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human